过滤器的应用之自动登录--filter(三)

实现用户自动登陆的过滤器

原理：在用户登陆成功后，以cookis形式发送用户名、密码给客户端

编写一个过滤器，filter方法中检查cookie中是否带有用户名、密码信息，如果存在则调用业务层登陆方法，登陆成功后则向session中存入user对象（即用户登陆标记），以实现程序完成自动登陆

package com.jjyy.web;import java.io.IOException;import java.sql.SQLException;import javax.servlet.ServletException;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.apache.commons.dbutils.QueryRunner;import org.apache.commons.dbutils.handlers.BeanHandler;import com.jjyy.domain.User;import com.jjyy.util.DaoUtils;import com.jjyy.util.MD5Utils;public class LoginServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {//1.获取用户名密码String name = request.getParameter("name");String password  = MD5Utils.md5(request.getParameter("password"));//2.校验用户名密码String sql = "select * from user where name = ? and password = ? ";User user = null;try {QueryRunner runner = new QueryRunner(DaoUtils.getSource());user = runner.query(sql, new BeanHandler<User>(User.class),name,password);} catch (SQLException e) {e.printStackTrace();}if(user == null){response.getWriter().write("用户名密码不正确");return;}else{//3.登录用户request.getSession().setAttribute("user", user);// 如果用户勾选过30天内自动登陆,发送自动登陆cookieif("true".equals(request.getParameter("autologin"))){Cookie autologinC = new Cookie("autologin",user.getName()+":"+user.getPassword());autologinC.setPath(request.getContextPath());autologinC.setMaxAge(3600*24*30);response.addCookie(autologinC);}//4.重定向到主页response.sendRedirect(request.getContextPath()+"/index.jsp");}}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

package com.jjyy.web;import java.io.IOException;import javax.servlet.ServletException;import javax.servlet.http.HttpServlet;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;public class LogoutServlet extends HttpServlet {public void doGet(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {if(request.getSession(false)!=null){request.getSession().invalidate();}response.sendRedirect(request.getContextPath()+"/index.jsp");}public void doPost(HttpServletRequest request, HttpServletResponse response)throws ServletException, IOException {doGet(request, response);}}

package com.jjyy.domain;import java.io.Serializable;public class User implements Serializable {private int id;private String name;private String password;private String role;public int getId() {return id;}public void setId(int id) {this.id = id;}public String getName() {return name;}public void setName(String name) {this.name = name;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public String getRole() {return role;}public void setRole(String role) {this.role = role;}}

package com.jjyy.filter;import java.io.IOException;import java.sql.SQLException;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.Cookie;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import javax.xml.registry.infomodel.User;import org.apache.commons.dbutils.QueryRunner;import org.apache.commons.dbutils.handlers.BeanHandler;import com.jjyy.util.DaoUtils;/** * autoLoginFilter * @author JiangYu * */public class AutoLoginFilter implements Filter {public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {HttpServletRequest req = (HttpServletRequest) request;HttpServletResponse resp = (HttpServletResponse) response;//1.只有未登录的用户才能自动登陆if(req.getSession(false)==null || req.getSession().getAttribute("user")==null){//2.只有带了自动登陆cookie的用户才能自动登陆Cookie [] cs = req.getCookies();Cookie findC = null;if(cs!=null){for(Cookie c : cs){if("autologin".equals(c.getName())){findC = c;break;}}}if(findC!=null){//3.自动登录Cookie中保存的用户名密码都需要是正确的才能自动登陆String name = findC.getValue().split(":")[0];String password= findC.getValue().split(":")[1];String sql = "select * from user where name = ? and password = ? ";User user = null;try {QueryRunner runner = new QueryRunner(DaoUtils.getSource());user = runner.query(sql, new BeanHandler<User>(User.class),name,password);} catch (SQLException e) {e.printStackTrace();}if(user!=null){req.getSession().setAttribute("user", user);}}}//无论是否自动登陆,都放行资源chain.doFilter(request, response);}public void init(FilterConfig arg0) throws ServletException {}}

package com.jjyy.filter;import java.io.IOException;import java.io.UnsupportedEncodingException;import java.util.Map;import javax.servlet.Filter;import javax.servlet.FilterChain;import javax.servlet.FilterConfig;import javax.servlet.ServletException;import javax.servlet.ServletRequest;import javax.servlet.ServletResponse;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletRequestWrapper;public class EncodeFilter implements Filter {private FilterConfig config = null;private String encode = null;public void destroy() {}public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {//响应的乱码处理response.setContentType("text/html;charset=utf-8");//装饰chain.doFilter(new MyHttpServletRequest((HttpServletRequest)request), response);}public void init(FilterConfig filterConfig) throws ServletException {this.config = filterConfig;this.encode = config.getInitParameter("encode")==null?"utf-8":config.getInitParameter("encode");}//请求乱码的处理class MyHttpServletRequest extends HttpServletRequestWrapper{private HttpServletRequest request = null;boolean isNotEncode = true;public MyHttpServletRequest(HttpServletRequest request) {super(request);this.request = request;}@Overridepublic Map getParameterMap() {try {if(request.getMethod().equalsIgnoreCase("POST")){request.setCharacterEncoding(encode);return request.getParameterMap();}else if(request.getMethod().equalsIgnoreCase("GET")){//request.getParameterMap()第一次会解决，然后缓存起来//request.getParameterMap()第二次直接从缓存中的mapMap<String,String[]> map = request.getParameterMap();if(isNotEncode){for(Map.Entry<String, String[]> entry:map.entrySet()){String [] vs = entry.getValue();for(int i=0;i<vs.length;i++){vs[i]= new String(vs[i].getBytes("iso8859-1"),encode);}}isNotEncode = false;}return map;}else{return request.getParameterMap();}} catch (UnsupportedEncodingException e) {e.printStackTrace();}return super.getParameterMap();}@Overridepublic String getParameter(String name) {return getParameterValues(name)==null?null:getParameterValues(name)[0];}@Overridepublic String[] getParameterValues(String name) {return (String[])getParameterMap().get(name);}}}

package com.jjyy.util;import java.math.BigInteger;import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;public class MD5Utils {public static String md5(String plainText) {byte[] secretBytes = null;try {secretBytes = MessageDigest.getInstance("md5").digest(plainText.getBytes());} catch (NoSuchAlgorithmException e) {throw new RuntimeException("没有md5这个算法！");}String md5code = new BigInteger(1, secretBytes).toString(16);for (int i = 0; i < 32 - md5code.length(); i++) {md5code = "0" + md5code;}return md5code;}}

package com.jjyy.util;import java.sql.Connection;import java.sql.SQLException;import javax.sql.DataSource;import com.mchange.v2.c3p0.ComboPooledDataSource;public class DaoUtils {private static DataSource source = new ComboPooledDataSource();private DaoUtils() {}public static DataSource getSource(){return source;}public static Connection getConn(){try {return source.getConnection();} catch (SQLException e) {e.printStackTrace();throw new RuntimeException(e);}}}